This is a follow-up to “DNS is the backbone of the internet, get it wrong and it can cause serious problems - just look at the Daily Express website”. On Tuesday this week I visited the Daily Express by typing in its address manually, not using a search engine. A search engine would take you to www.express.co.uk, but enter it manually and you go to http://express.co.uk.
As covered last time, the www A record sends you to www.express.co.uk and the @ A record sends you to http://express.co.uk. On entering http://express.co.uk on Tuesday I ended up at www.bluechief.ie. Both Blue Chief and the newspaper use Dublin AWS for their hosting. I tweeted to Blue Chief and The Daily Express, and emailed The Daily Express on the same day I discovered the issue.
Because The Daily Express entered 126.96.36.199 rather than 188.8.131.52, end users typing in http://express.co.uk ended up at Blue Chief’s website, not express.co.uk. A simple mistake with bad consequences. For likely 24 hours, bluechief.ie received a fair chunk of express.co.uk’s web traffic, overloading their website for that period.
The Daily Express has not replied yet to the email nor the form submission, but Shannon of Blue Chief did…
It turns out getting free traffic intended for a major UK tabloid has its cons. Another thought: can you actually protect against this type of “DDoS” attack, since the traffic is from genuine users just hitting the wrong website? The answer might be “with difficulty”, since they are normal home users manually going to a website, not controlled as part of a botnet or using a special malicious tool.
The moral of the story? Manage your DNS records properly and monitor your website for errors!
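One way to monitor for this kind of drift, as an added example that is not from the original post: compare the A records the bare domain and the www name currently resolve to against a known-good baseline, and report any address that should not be there. The hostnames and addresses below are constructed placeholders (reserved documentation ranges), and the function names are hypothetical.

```python
import socket

# Constructed baseline: the addresses each name is supposed to resolve to.
# Placeholder names and documentation-range IPs, not any real site's records.
EXPECTED = {
    "example.com": {"192.0.2.10"},       # the "@" (bare domain) A record
    "www.example.com": {"192.0.2.10"},   # the "www" A record
}


def system_resolver(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_records(expected, resolve=system_resolver):
    """Compare live A records with the baseline and return a list of findings.

    Each finding is (name, kind, detail), where kind is "unexpected" (an
    address that is not in the baseline, e.g. a mistyped IP), "missing"
    (a baseline address no longer served) or "unresolvable".
    """
    findings = []
    for name, want in sorted(expected.items()):
        try:
            got = set(resolve(name))
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            findings.append((name, "unresolvable", str(exc)))
            continue
        if got - want:
            findings.append((name, "unexpected", sorted(got - want)))
        if want - got:
            findings.append((name, "missing", sorted(want - got)))
    return findings


if __name__ == "__main__":
    # Constructed scenario: the bare domain carries a wrong address, www is fine.
    drifted = {"example.com": {"198.51.100.7"}, "www.example.com": {"192.0.2.10"}}
    for finding in check_records(EXPECTED, resolve=drifted.__getitem__):
        print(finding)
```

Run from a scheduler against the real baseline (with the default resolver), any non-empty result is a reason to alert before visitors notice.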
*The first time (I spotted this) was Manga High in September.
How the Daily Express accidentally DDoS’ed a small Limerick-based design agency (again!*)